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CLAIMS 

What is claimed is: 

1 . A method for responding to network intrusions, comprising: 

a) receiving an intrusion detection system (IDS) alert from an IDS sensor located in a 
network of computing resources, wherein said IDS alert indicates an unauthorized intrusion 
upon a remotely located computing resource in said network of computing resources; 

b) identifying said IDS alert; and 

c) determining an appropriate response to said IDS alert that is identified at a 
location separate from said remotely located computing resource so that said determining 
said appropriate response is unaffected by said unauthorized intrusion; and 

d) automatically implementing said appropriate response to mitigate damage to said 
network of computing resources from said unauthorized intrusion. 

2. The method of Claim 1, wherein a) further comprises: 

al) detecting a suspicious intrusion into said computing resource; 
a2) determining said suspicious intrusion is unauthorized; 
a3) generating said IDS alert; and 

a4) sending said IDS alert to an IDS manager that is located remotely from said 
computing resource within said network of computing resources. 

3 . The method of Claim 2, wherein a2) further comprises: 

determining said suspicious intrusion is unauthorized when said suspicious intrusion 
matches with at least one of a list of unauthorized intrusions. 

4. The method of Claim 2, wherein al ) comprises: 
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detecting said suspicious intrusion at a host-based intrusion detection system 
(HIDS) sensor located on said computing resource. 

5 . The method of Claim 2, wherein al ) comprises: 

detecting said suspicious intrusion at a network-based intrusion detection system 
(NIDS) sensor located within said network of computing resources. 

6. The method of Claim 1 , wherein d) further comprises: 

dl) interfacing with a power controller that controls power to said computing 
resource to shut power to said computing resource. 

7. The method of Claim 1 , wherein d) further comprises: 

dl) interfacing with at least one switch, an associated switch, in said network of 
computing resources to virtually reconfigure said associated switch in order to virtually 
isolate said computing resource from remaining computing resources in said network of 
computing resources. 

8. The method of Claim 7, wherein said associated switch comprises an Ethernet 

switch. 

9. The method of Claim 7, wherein said associated switch comprises a Storage Area 
Network (SAN) switch. 

10. The method of Claim 7, wherein said at least one switch comprises a SAN 
switch and an Ethernet switch. 
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1 1 . The method of Claim 1 , wherein said network of computing resources 
comprises a provisional data center. 

12. A method for responding to network intrusions, comprising: 

a) receiving an intrusion detection system (IDS) alert from an IDS sensor in a 
network of computing resources at a location separate from an infected computing resource, 
wherein said IDS alert indicates an unauthorized intrusion upon said infected computing 
resource in said network of computing resources, wherein implementation of a response to 
said IDS alert is unaffected by said unauthorized intrusion; 

b) responding to said IDS alert by automatically interfacing with at least one switch 
in said network of computing resources to virtually reconfigure said at least one switch, an 
associated switch, in order to virtually isolate said computing resource from remaining 
computing resources in said network of computing resources; and 

c) responding to said IDS alert by automatically interfacing with a power controller 
that controls power to said computing resource to shut power to said computing resource. 

13. The method of Claim 12, wherein a) further comprises: 

al) detecting a suspicious intrusion into said computing resource; 
a2) determining said suspicious intrusion is unauthorized; 
a3) generating said IDS alert; and 

a4) sending said IDS alert to an IDS manager that is located remotely from said 
computing resource within said network of computing resources. 

14. The method of Claim 1 3 , wherein a2) further comprises: 

determining said suspicious intrusion is unauthorized when said suspicious intrusion 
matches with at least one of a list of unauthorized intrusions. 

1 5. The method of Claim 13, wherein al ) comprises: 
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detecting said suspicious intrusion at a host-based intrusion detection system 
(HIDS) sensor located on said computing resource. 

16. The method of Claim 13, wherein al) comprises: 

5 detecting said suspicious intrusion at a network-based intrusion detection system 

(NIDS) sensor located within said network of computing resources. 

17. The method of Claim 12, wherein said network of computing resources 
comprises a provisional data center. 

10 

1 8. The method of Claim 1 2, wherein said switch couples said computing resource 
to a virtual local area network. 

1 9. The method of Claim 1 2, wherein said switch comprises an Ethernet switch. 

15 

20. The method of Claim 12, wherein said associated switch comprises a Storage 
Area Network (SAN) switch. 

2 1 . The method of Claim 1 2, wherein said at least one switch comprises a SAN 
20 switch and an Ethernet switch. 

22. The method of Claim 1 2, wherein further comprising: 

automatically interfacing with said associated switch in said network of computing 
resources; and 

25 automatically interfacing with said power controller. 

23 . A computer system comprising : 
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a bus for communicating information associated with a method for responding to 
network intrusions; 

a processor coupled to said bus for processing said information associated with 
said method for responding to network intrusions; and 

a computer readable memory coupled to said processor containing program 
instructions, that when executed by said processor, implement said method for responding 
to network intrusions, comprising: 

a) receiving an intrusion detection system (IDS) alert from an IDS sensor located in a 
network of computing resources, wherein said IDS alert indicates an unauthorized intrusion 
upon a remotely located computing resource in said network of computing resources; 

b) identifying said IDS alert; and 

c) determining an appropriate response to said IDS alert that is identified at a 
location separate from said remotely located computing resource so that said determining 
said appropriate response is unaffected by said unauthorized intrusion; and 

d) automatically implementing said appropriate response to mitigate damage to said 
network of computing resources from said unauthorized intrusion. 

24. The computer system of Claim 23, wherein a) in said method further comprises: 
al) detecting a suspicious intrusion into said computing resource; 

a2) determining said suspicious intrusion is unauthorized; 
a3) generating said IDS alert; and 

a4) sending said IDS alert to an IDS manager that is located remotely from said 
computing resource within said network of computing resources. 

25. The computer system of Claim 24, wherein a2) in said method further 
comprises: 

determining said suspicious intrusion is unauthorized when said suspicious intrusion 
matches with at least one of a list of unauthorized intrusions. 
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26. The computer system of Claim 24, wherein al) in said method comprises: 
detecting said suspicious intrusion at a host-based intrusion detection system 

(HIDS) sensor located on said computing resource. 

27. The computer system of Claim 24, wherein al) in said method comprises: 
detecting said suspicious intrusion at a network-based intrusion detection system 

(NIDS) sensor located within said network of computing resources. 

28. The computer system of Claim 23, wherein d) in said method further 
comprises: 

dl) interfacing with a power controller that controls power to said computing 
resource to shut power to said computing resource. 

29. The computer system of Claim 23, wherein d) in said method further 
comprises: 

dl) interfacing with at least one switch, an associated switch, in said network of 
computing resources to virtually reconfigure said associated switch in order to virtually 
isolate said computing resource from remaining computing resources in said network of 
computing resources. 

30. The computer system of Claim 29, wherein said associated switch comprises 
an Ethernet switch. 

31. The computer system of Claim 29, wherein said associated switch comprises a 
Storage Area Network (SAN) switch. 
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32. The computer system of Claim 29, wherein said at least one switch comprises 
a SAN switch and an Ethernet switch. 

33. The computer system of Claim 23, wherein said network of computing 
5 resources comprises a provisional data center. 
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